Symfony Blog

All about Symfony releases, new Symfony features, and other important announcements

New in Symfony 4.1 Misc. improvements (part 3)

In Symfony 4.1, MoneyType rounding is configurable, updating LDAP entries is more efficient, query strings can be kept when redirecting and hassers are supported by the PropertyInfo component.
May 28, 2018 #Living on the edge

May 21–27, 2018 A Week of Symfony #595

This week Symfony released 2.7.48, 2.8.41, 3.3.17, 3.4.11 and 4.0.11 versions to address several security vulnerabilities. Meanwhile Symfony 4.1.0 beta3 was published in preparation for next week's final release. Lastly, it was announced that the SymfonyLive USA 2018 conference will take place in San Francisco on October 11th and 12th.
May 27, 2018 #A week of symfony

Symfony 4.1.0-BETA3 released

Read release notes
May 26, 2018 #Releases

CVE-2018-11408: Open redirect vulnerability on security handlers

CVE-2018-11408 fixes an open redirect vulnerability on DefaultAuthenticationSuccessHandler and DefaultAuthenticationFailureHandler.
May 25, 2018 #Security Advisories

CVE-2018-11406: CSRF Token Fixation

CVE-2018-11406 fixes a possible CSRF token fixation.
May 25, 2018 #Security Advisories

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

CVE-2018-11407 fixes an unauthorized access on a misconfigured LDAP server when using an empty password.
May 25, 2018 #Security Advisories

CVE-2018-11385: Session Fixation Issue for Guard Authentication

CVE-2018-11385 fixes a session fixation issue when using Guard authentication.
May 25, 2018 #Security Advisories

CVE-2018-11386: Denial of service when using PDOSessionHandler

CVE-2018-11386 fixes a possible denial of service when using PDOSessionHandler.
May 25, 2018 #Security Advisories

Symfony 4.0.11 released

Read release notes
May 25, 2018 #Releases

Symfony 3.4.11 released

Read release notes
May 25, 2018 #Releases